Setup MQTT

modules/hosts/nixos/hetznix01/post-install/default.nix

@@ -5,6 +5,7 @@ in {
     ../../../common/linux/lets-encrypt.nix
     ../../../common/linux/restic.nix
     ./matrix-synapse.nix
+    ./mosquitto.nix
     ./nginx.nix
   ];
 
@@ -76,7 +77,7 @@ in {
       extraApps = with config.services.nextcloud.package.packages.apps; {
         # List of apps we want to install and are already packaged in
         # https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
-        inherit 
+        inherit
           richdocuments # Collabora Online for Nextcloud - https://apps.nextcloud.com/apps/richdocuments
           ;
       };

modules/hosts/nixos/hetznix01/post-install/mosquitto.nix

@@ -0,0 +1,102 @@
+{ config, ... }: {
+  services.mosquitto = {
+    enable = true;
+    bridges = {
+      liamcottle = {
+        addresses = [{
+          address = "mqtt.meshtastic.liamcottle.net";
+          port = 1883;
+        }];
+        topics = [
+          "msh/# out 1 \"\""
+        ];
+        settings = {
+          remote_username = "uplink";
+          remote_password = "uplink";
+          cleansession = true;
+          keepalive_interval = 160;
+          notifications = false;
+          start_type = "automatic";
+        };
+      };
+      meshtastic = {
+        addresses = [{
+          address = "mqtt.meshtastic.org";
+          port = 1883;
+        }];
+        topics = [
+          "msh/# out 1 \"\""
+        ];
+        settings = {
+          remote_username = "meshdev";
+          remote_password = "large4cats";
+          #bridge_protocol_version = "mqttv311";
+          cleansession = true;
+          keepalive_interval = 160;
+          notifications = false;
+          start_type = "automatic";
+        };
+      };
+      homeassistant = {
+        addresses = [{
+          address = "homeasistant-lc.atlas-snares.ts.net";
+          port = 1883;
+        }];
+        topics = [
+          "msh/US/2/e/LongFast/!a386c80 out 1 \"\""
+          "msh/US/2/e/LongFast/!b03bcb24 out 1 \"\""
+          "msh/US/2/e/LongFast/!b03dbe58 out 1 \"\""
+          "msh/US/2/e/LongFast/!4370b0c6 out 1 \"\""
+        ];
+        settings = {
+          remote_username = "meshtastic_user";
+          remote_password = "meshtastic_user";
+          cleansession = true;
+          keepalive_interval = 160;
+          notifications = false;
+          start_type = "automatic";
+        };
+      };
+    };
+    listeners = let
+      mqtt_users = {
+        genebean = {
+          acl = [
+            "readwrite msh/#"
+          ];
+          hashedPasswordFile = config.sops.secrets.mosquitto_genebean.path;
+        };
+        mountain_mesh = {
+          acl = [
+            "readwrite msh/#"
+          ];
+          hashedPasswordFile = config.sops.secrets.mosquitto_mountain_mesh.path;
+        };
+      };
+    in [
+      {
+        users = mqtt_users;
+        settings.allow_anonymous = false;
+      }
+      {
+        port = 8883;
+        users = mqtt_users;
+        settings = let
+           certDir = config.security.acme.certs."mqtt.technicalissues.us".directory;
+        in {
+          allow_anonymous = false;
+          keyfile = certDir + "/key.pem";
+          certfile = certDir + "/cert.pem";
+          cafile = certDir + "/chain.pem";
+        };
+      }
+    ];
+  };
+
+  sops.secrets = {
+    mosquitto_genebean.owner = config.users.users.mosquitto.name;
+    mosquitto_mountain_mesh.owner = config.users.users.mosquitto.name;
+  };
+
+  users.users.mosquitto.extraGroups = [ "nginx" ];
+}

modules/hosts/nixos/hetznix01/post-install/nginx.nix

@@ -152,6 +152,12 @@ in {
           "/_synapse/client".proxyPass = "http://[::1]:8008";
         };
       };
+      "mqtt.${domain}" = {
+        enableACME = true;
+        acmeRoot = null;
+        forceSSL = true;
+        locations."/".return = "301 https://beanbag.technicalissues.us";
+      };
       "ot.${domain}" = {
         enableACME = true;
         acmeRoot = null;